From owner-freebsd-security Mon Mar 20 17:10:26 2000
Date: Fri, 17 Mar 2000 09:52:18 -0500
From: James FitzGibbon
To: Rodrigo Campos
Cc: Sheldon Hearn, freebsd-security@freebsd.org
Subject: Re: wrapping sshd
Message-ID: <20000317095218.D41950@targetnet.com>
References: <59327.953151264@axl.ops.uunet.co.za>
Organization: Targetnet.com Inc.

* Rodrigo Campos (camposr@MATRIX.COM.BR) [000315 16:58]:
> > The answer has nothing to do with security, although you couldn't have
> > known that without reading the sshd(8) manual page. :-)
> >
> > Look for the first occurrence of the word inetd in the sshd(8) manual
> > page.
>
> But my question has nothing to do with inetd, by "wrapping sshd" I mean
> compiling it with support to libwrap, which would make it read the
> /etc/hosts.allow file in order to grant or deny access based on the
> client hostname or IP address, even when it's running as a daemon.

I agree with you on this one; the comment should be in /etc/inetd.conf and
changed to reference the downside of having sshd running from inetd.

The ports Makefile for the original datafellows sshd has the comment:

#
# Maximal ssh package requires YES values for
# USE_PERL, USE_TCPWRAP
#

and I have always compiled my copy of sshd linked with libwrap for this
reason.

--
j.

James FitzGibbon    james@targetnet.com
Targetnet.com Inc.  Voice/Fax +1 416 306-0466/0452